OpenAM / OPENAM-15064

HTTP 500 authentication error in CIBA workflow when user does not have a registered mobile device

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 6.5.2, 7.0.0
    • Fix Version/s: None
    • Component/s: oauth2
    • Labels:
    • Sprint: AM 2019.9 - Crane

      Description

      Bug description

      There is an HTTP 500 error when the user does not have a registered mobile device.

      How to reproduce the issue

      1. follow https://docs.google.com/document/d/1HlPCIUDZj7uQsMXOTie_hSGzE3qaS0Rn4GJg_1KKfYc/edit to configure CIBA
      2. remove all push devices
      3. do a CIBA authorization request to get auth_req_id

      Expected behaviour

      HTTP 400 error saying that it is not possible to send the notification - not sure how much information to disclose here. I suppose it would be good to be careful.

      Current behaviour

      HTTP 500 error:

      {
          "error": "server_error",
          "error_description": "Error occurred during authentication"
      }

      which looks like wrong client credentials were entered.

      There is this message in debug:

      ERROR: Unable to create the OAuth2 request
      org.forgerock.oauth2.core.exceptions.ServerException: Error occurred during authentication
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:201)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:102)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiateAuthentication(CtsBackChannelAuthnService.java:120)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.initiate(CtsBackChannelAuthnService.java:94)
      	at org.forgerock.oauth2.restlet.BackChannelResource.backChannelAuthorize(BackChannelResource.java:166)
      	at sun.reflect.GeneratedMethodAccessor146.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508)
      	at org.restlet.resource.ServerResource.post(ServerResource.java:1341)
      	at org.restlet.resource.ServerResource.doHandle(ServerResource.java:606)
      	at org.restlet.resource.ServerResource.doNegotiatedHandle(ServerResource.java:662)
      	at org.restlet.resource.ServerResource.doConditionalHandle(ServerResource.java:348)
      	at org.restlet.resource.ServerResource.handle(ServerResource.java:1020)
      	at org.restlet.resource.Finder.handle(Finder.java:236)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.forgerock.openam.rest.service.RestletRealmRouter.doHandle(RestletRealmRouter.java:94)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.engine.application.StatusFilter.doHandle(StatusFilter.java:140)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
      	at org.restlet.engine.application.ApplicationHelper.handle(ApplicationHelper.java:77)
      	at org.restlet.Application.handle(Application.java:385)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.routing.Router.doHandle(Router.java:422)
      	at org.restlet.routing.Router.handle(Router.java:641)
      	at org.restlet.routing.Filter.doHandle(Filter.java:150)
      	at org.restlet.routing.Filter.handle(Filter.java:197)
      	at org.restlet.engine.CompositeHelper.handle(CompositeHelper.java:202)
      	at org.restlet.Component.handle(Component.java:408)
      	at org.restlet.Server.handle(Server.java:507)
      	at org.restlet.engine.connector.ServerHelper.handle(ServerHelper.java:63)
      	at org.restlet.engine.adapter.HttpServerHelper.handle(HttpServerHelper.java:143)
      	at org.restlet.ext.servlet.ServerServlet.service(ServerServlet.java:1117)
      	at org.forgerock.openam.rest.RestEndpointServlet$RestletHandler.handle(RestEndpointServlet.java:183)
      	at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:179)
      	at org.forgerock.openam.dpro.session.ProofOfPossessionTokenFilter.filter(ProofOfPossessionTokenFilter.java:87)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:86)
      	at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:53)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:264)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.forgerock.openam.rest.RestEndpointServlet$HttpServletWrapper.service(RestEndpointServlet.java:254)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.forgerock.openam.rest.RestEndpointServlet.service(RestEndpointServlet.java:132)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:115)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
      	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Login failure
      	at org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.authFailureException(FailureProcessTreeResult.java:92)
      	at org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.process(FailureProcessTreeResult.java:72)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.evaluateTreeAndProcessResult(AuthTrees.java:282)
      	at org.forgerock.openam.core.rest.authn.trees.AuthTrees.invokeTree(AuthTrees.java:253)
      	at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:222)
      	at org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:185)
      	... 95 more
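Added example (not from the ticket or from the AM code base): a small Python parser for debug-log excerpts like the one above, plus a classifier that recognises the signature this ticket describes, a ServerException raised from CtsBackChannelAuthnService whose root cause is RestAuthException: Login failure, so that an operator reading the logs can tell this auth-tree failure apart from a genuine client-credential problem, which the same HTTP 500 "server_error" body would otherwise suggest. The sample log is a constructed, trimmed copy of the trace quoted above; the diagnosis labels are assumptions.

```python
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
ERROR: Unable to create the OAuth2 request
org.forgerock.oauth2.core.exceptions.ServerException: Error occurred during authentication
\tat org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService.retrieveAuthenticationResponse(CtsBackChannelAuthnService.java:201)
\tat org.forgerock.oauth2.restlet.BackChannelResource.backChannelAuthorize(BackChannelResource.java:166)
Caused by: org.forgerock.openam.core.rest.authn.exceptions.RestAuthException: Login failure
\tat org.forgerock.openam.core.rest.authn.trees.FailureProcessTreeResult.authFailureException(FailureProcessTreeResult.java:92)
\t... 95 more
"""  # constructed sample: trimmed copy of the trace quoted in the ticket

CIBA_SERVICE = "org.forgerock.openam.oauth2.ciba.CtsBackChannelAuthnService"
EXC_RE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))(?:: (.*))?$")
FRAME_RE = re.compile(r"^\s+at ([\w.$]+)\.(\w+)\(")


@dataclass
class JavaTrace:
    exception: str                               # fully qualified exception class
    message: str
    frames: list = field(default_factory=list)   # "package.Class.method" per frame
    cause: "JavaTrace | None" = None             # next link of the "Caused by:" chain


def parse_trace(text):
    """Parse a Java stack trace, including its Caused by chain, into JavaTrace nodes."""
    root = current = None
    for line in text.splitlines():
        m = EXC_RE.match(line)
        if m:
            node = JavaTrace(m.group(1), m.group(2) or "")
            if root is None:
                root = node
            else:
                current.cause = node        # chain this "Caused by:" onto the previous node
            current = node
        elif current is not None and (f := FRAME_RE.match(line)):
            current.frames.append(f"{f.group(1)}.{f.group(2)}")
    return root


def classify(trace):
    """Ticket signature: ServerException from the CIBA service, root cause RestAuthException."""
    if trace is None:
        return "no-exception"
    root = trace
    while root.cause is not None: root = root.cause   # walk to the innermost cause
    in_ciba = any(f.startswith(CIBA_SERVICE + ".") for f in trace.frames)
    if in_ciba and trace.exception.endswith(".ServerException") \
            and root.exception.endswith(".RestAuthException"):
        return "ciba-authn-tree-failure"   # the HTTP 500 came from the auth tree, not bad client creds
    return "ciba-other-failure" if in_ciba else "not-ciba"
```

A "ciba-authn-tree-failure" hit only identifies the pattern; whether the user lacks a registered push device, as this ticket reports, still has to be confirmed against the user's device registrations.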
              People

              • Assignee: Peter Major (Inactive)
              • Reporter: Ľubomír Mlích